# 1. 找到未加密的参数       # window.asrsea(参数，xxx,xxx,xxx)
# 2. 想办法把参数进行加密（必须参考网易的逻辑），params => encText, encSecKey => encSecKey
# 3. 请求到网易，拿到评论信息

# 需要安装pycrypto pip install pycrypto
import requests, json
from Crypto.Cipher import AES
from base64 import b64encode

url = "https://music.163.com/weapi/comment/resource/comments/get?csrf_token="

# 请求方式 post

data = {
    "csrf_token": "",
    "cursor": "-1",
    "offset": "0",
    "orderType": "1",
    "pageNo": "1",
    "pageSize": "20",
    "rid": "R_SO_4_1325905146",
    "threadId": "R_SO_4_1325905146",
}

# 服务于d的
e = '010001'
f = '00e0b509f6259df8642dbc35662901477df22677ec152b5ff68ace615bb7b725152b3ab17a876aea8a5aa76d2e417629ec4ee341f56135fccf695280104e0312ecbda92557c93870114af6c9d05c4f7f0c3685b7a46bee255932575cce10b424d813cfe4875d3e82047b97ddef52741d546b8e289dc6935b3ece0462db0a22b8e7'
g = '0CoJUm6Qyw8W8jud'
i = 'BvWqzX8IGG3jNxRh'      # 手动固定的 ——> 人家函数中是随机的

def get_encSecKey():        # 由于i是固定的，那么enSecText就是固定的，c()函数的结果就是固定的
    return "818059b5218785c22dcc86b9b63b26c7deb8ca68aaa90b8d6d67ca1ad96f39150c56e1c68462910d877a9cf70a85a21ae8d0f9d5f85a9a4ba2b7c771433f7813255b2b5439ce5ddc968f58e41fc38cebecb446800865641dfdf6fee372c74b397d2ecdde7f1322b07e0e9c96ec6b0ac77e6f844c704b19a91c049e86d5728680"

# 吧参数进行加密
def get_params(data):   # 默认这里收到的是字符串
    first = enc_params(data, g)
    second = enc_params(first, i)
    return second   # 返回的就是params

# 转化成16的倍数，为下方的加密算法服务
def to_16(data):
    pad = 16 - len(data) % 16
    data += chr(pad) * pad
    return data

# 加密过程
def enc_params(data, key): # 加密过程
    iv = "0102030405060708"
    data = to_16(data)
    aes = AES.new(key=key.encode('utf-8'), IV=iv.encode('utf-8'), mode=AES.MODE_CBC)     # 创建加密器
    bs = aes.encrypt(data.encode('utf-8'))   # 加密, 加密的内容的长度必须是16的倍数，
    return str(b64encode(bs),'utf-8')   # 转换成字符串返回


# 处理加密过程
"""
    function a(a = 16) {        # 随机的16位字符串
        var d, e, b = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", c = "";
        for (d = 0; a > d; d += 1)  # 循环16次
            e = Math.random() * b.length,   # 随机数
            e = Math.floor(e),          # 取整
            c += b.charAt(e);           # 取字符串中的xxx位置 b
        return c
    }
    function b(a, b) {      # a是要加密的内容，
        var c = CryptoJS.enc.Utf8.parse(b)      # b是密钥
          , d = CryptoJS.enc.Utf8.parse("0102030405060708")
          , e = CryptoJS.enc.Utf8.parse(a)      # e是数据
          , f = CryptoJS.AES.encrypt(e, c, {    # c加密的密钥
            iv: d,      # 偏移量
            mode: CryptoJS.mode.CBC     # 模式：CBC
        });
        return f.toString()
    }
    function c(a, b, c) {       # c里面不产生随机数
        var d, e;
        return setMaxDigits(131),
        d = docker基础 RSAKeyPair(b,"",c),
        e = encryptedString(d, a)
    }
    function d(d, e, f, g) {            # d : 数据，e: '010001' f：很长  g: 0CoJUm6Qyw8W8jud
        var h = {}                      # 空对象
          , i = a(16);                  # 16位的随机值， 把i设置为定制
        return h.encText = b(d, g),     # g是密钥
        h.encText = b(h.encText, i),    # 返回的就是params   i也是密钥
        h.encSecKey = c(i, e, f),       # 得导到就是encSecKey，e和f是定死的，如果此时我把i固定，得到的key一定是固定的
        h
    }
    
    两次加密：
    数据+g => b => 第一次加密+i => b => params
"""

headers = {
    "origin": "https://music.163.com",
    "referer": "https://music.163.com/song?id=1325905146",
    "sec-ch-ua-platform": "Windows",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36",
    "accept-language": "zh-CN,zh;q=0.9",
    "content-type": "application/x-www-form-urlencoded",
}

data = {
    "params":get_params(json.dumps(data)),
    # "params":"1x/vg9G+hv9UcK6TLCtJJn8r3EVD44O6wFxeQO86CO0oucBhS0P4o+I9bkouLuJF+2zkIM3wnHiQAw61Mw0Mo5d8XxWYHk1lg1H5hi9QPzSvVBZc7BZAm5xuXFVJA7b+oEmTkDtkWn6NflBaDO0dbKTvXPDffyOTLEb9+VYWuzFQkzypjGg07YTSorFFw6TIp9CRKU81QtfXlybPlbk+bA2uISefH1rKu+/887mmCeMyPZz7QlavBrnlGUxH1muUpKh+sJER3fbGwY7UlPvqH8XJUhu4qg/k3p8cbWW55ks=",
    "encSecKey": get_encSecKey()
    # "encSecKey": "22c8eb4cbd0fbbbd26f85590f6104c3762418cdf3e917857aca9326dcc5736ee2cd549e25782741848afd3b1c8cc493e07920055f71abc751fff4401812f11a7e4eefa0928197031ff7c182a11a7238aa3eecc7228f3cdb553b31fb3bf902294d349b55fc2422d3ef32825adc4268c2a02c0c5722ceee71121cd732677897a21"
}

# print(data)
resp = requests.post(url, headers=headers, data=data)
print(resp.json())

